leakage assessment methodology
play

Leakage Assessment Methodology - a clear roadmap for side-channel - PowerPoint PPT Presentation

Apr 15, 2023 •264 likes •746 views

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Friday, September 11 th , 2015 Motivation Physical Attacks & Countermeasures input output input output Timing, Power, EM,

  1. Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Friday, September 11 th , 2015

  2. Motivation Physical Attacks & Countermeasures input output … input output Timing, Power, EM, etc. Countermeasures: • Masking Higher-order Attacks • Hiding Univariate Multivariate Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 2

  3. Motivation Security Evaluation Does the chip leak information? Problem: Evaluation is not trivial. Non-Invasive Attack Testing Workshop, 2011 Goal: Establish testing methodology capable of robustly assessing the physical vulnerability of cryptographic devices. Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 3

  4. Motivation Attack-based Testing Perform state-of-the-art attacks on the device under test (DUT) Attacks Intermediate Leakage Types: Values: Models: • DPA • Sbox In • HW × × • CPA • Sbox Out • HD • MIA • Sbox In/Out • Bit • … • … • … Problems: • High computational complexity • Requires lot of expertise • Does not cover all possible attack vectors Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 4

  5. Motivation Information-theoretic Testing Computation of Mutual/Perceived Information Problems: • High computational complexity • Cannot focus on one statistical moment • Dependent on density estimation • Does not cover all possible attack vectors Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 5

  6. Motivation Testing based on t -Test Tries to detect any type of leakage at a certain order • Proposed by CRI at NIST workshop Advantages: • Independent of architecture • Independent of attack model • Fast & simple • Versatile Problems: • No information about hardness of attack • Possible false positives if no care about evaluation setup Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 6

  7. Outline 4. Efficient Computation 1. Statistical Background 5. Conclusion 2. Testing Methodology 3. Correct Measurement Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 7

  8. Statistical Background • t -Test Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 8

  9. Statistical Background t -Test Sample 𝑅 0 Sample 𝑅 1 Null Hypothesis: Two population means are equal. Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 9

  10. Statistical Background t -Test Sample 𝑅 0 Sample 𝑅 1 𝜈 1 𝜈 0 Sample mean: 2 2 𝑡 1 𝑡 0 Sample variance: 𝑜 1 𝑜 0 Sample size: 2 2 2 𝑜 0 + 𝑡 1 𝑡 0 𝑜 1 t = 𝜈 0 − 𝜈 1 v = 𝑢 -test statistic Degree of freedom 2 2 2 2 𝑡 0 𝑡 1 2 2 𝑜 0 + 𝑡 1 𝑡 0 𝑜 0 𝑜 1 𝑜 1 𝑜 0 − 1 + 𝑜 1 − 1 Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 10

  11. Statistical Background t -Test 𝑢 𝑤 Γ 𝑤 + 1 −𝑤+1 1 + 𝑢 2 2 Estimate the probability to accept null 2 𝑔 𝑢, 𝑤 = 𝜌𝑤 Γ 𝑤 hypothesis with Student’s 𝑢 distribution: 𝑤 2 ∞ 𝑞 = 2 𝑔 t, v 𝑒𝑢 Compute: |𝑢| Small 𝑞 values give evidence to reject the null hypothesis Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 11

  12. Statistical Background t -Test  For testing usually only the 𝑢 -value is estimated  Compared to a threshold of t > 4.5 • 𝑞 = 2𝐺 −4.5, 𝑤 > 1000 < 0.00001 • Confidence of > 0.99999 to reject the null hypothesis Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 12

  13. Testing Methodology Specific 𝒖 -Test • • Non-Specific t -Test • Higher Orders Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 13

  14. Testing Methodology Specific t -Test Measurements 𝑈 𝑗 𝑢𝑏𝑠𝑕𝑓𝑢 𝑐𝑗𝑢 𝐸 𝑗 = 0 𝑢𝑏𝑠𝑕𝑓𝑢 𝑐𝑗𝑢 𝐸 𝑗 = 1 With Associated Data 𝐸 𝑗 𝑅 0 𝑅 1 Specific t -Test:  Key is known to enable correct partitioning  Test is conducted at each sample point separately (univariate)  If corresponding 𝑢 -test exceeds threshold ⇒ DPA probable Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 14

  15. Testing Methodology Specific t -Test Measurements 𝑈 𝑗 𝒖𝒃𝒔𝒉𝒇𝒖 𝒄𝒛𝒖𝒇 𝑬 𝒋 = 𝒚 𝒖𝒃𝒔𝒉𝒇𝒖 𝒄𝒛𝒖𝒇 𝑬 𝒋 ≠ 𝒚 With Associated Data 𝐸 𝑗 𝑅 0 𝑅 1 Other classifications possible Specific t -Test:  Key is known to enable correct partitioning  Test is conducted at each sample point separately (univariate)  If corresponding 𝑢 -test exceeds threshold ⇒ DPA probable Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 15

  16. Testing Methodology Specific t -Test Example: PRESENT (last round)  addRoundKey, sBoxLayer, pLayer Bitwise: 3 × 64 tests  Sbox out bits (64 models) Nibblewise: 3 × 16 × 16 tests   Other tests possible Sbox 0 nibble (16 models) Problems:  Same as attack-based approach  Many different intermediate values  Many different models Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 16

  17. Testing Methodology Non-Specific t -Test Non-Specific t -Test:  fixed vs. random t -test  Avoids being dependent on any intermediate value/model  Detected leakage of single test is not always exploitable Measurements 𝑈 Measurements 𝑈 𝑗 𝑘 With Random With Fixed Associated Data D 𝑗 Associated Data D 𝑅 0 𝑅 1 Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 17

  18. Testing Methodology Non-Specific t -Test 𝑅 0 𝑅 1 100 50 𝜈 : 0 -50 -100 4000 4500 5000 5500 6000 6500 7000 t -Test 𝑡 2 : Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 18

  19. Testing Methodology Non-Specific t -Test  Non-specific t-test reports a detectable leakage ⇒ Specific t-test reports leakage with higher confidence  Other direction ( ⇐ ) cannot be concluded from a single non-specific t -test  Recommended to perform a number of non-specific tests with different fixed data Semi-fixed vs. random test:  Use a set of particular associated data instead of only one  All lead to certain intermediate value  Eliminates some of the drawbacks of fixed vs. random Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 19

  20. Testing Methodology Higher Orders 𝑇 1 𝑇 2 Multivariate:  Sensitive variable is shared: 𝑇 = 𝑇 1 ∘ 𝑇 2  Shares are processed at different time instances (SW)  Leakages at different time instances need to be combined first Centered Product: 𝑦′ = 𝑦 1 − 𝜈 1 ⋅ 𝑦 2 − 𝜈 2 Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 20

  21. Testing Methodology Higher Orders 𝑇 1 𝑇 2 Univariate:  Shares are processed in parallel (HW)  Leakages at the same time instance need to be combined first Variance: 𝑦 ′ = 𝑦 − 𝜈 2 𝑒 In some cases: 𝑦 ′ = 𝑦−𝜈 𝑡 In general: 𝑦 ′ = 𝑦 − 𝜈 𝑒 Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 21

  22. Correct Measurement • Setup • Case Study: Microcontroller • Case Study: FPGA • Recommendations Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 22

  23. Correct Measurement Setup PC Plaintext Ciphertext … Target Control Trigger Measure Pitfalls:  Order of fixed and random inputs should be random as well Oscilloscope  Communication between Control and Target should be masked (if possible) Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 23

  24. Correct Measurement CS: Microcontroller • AES with masking & shuffling (DPA contest v4.2) • No shared communication • First-order test • Leakage associated to unmasked plaintext Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 24

  25. Correct Measurement CS: Microcontroller Detectable first order leakage Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 25

  26. Correct Measurement CS: FPGA • NLFSR [1] • 2 nd – order threshold implementation • Test at different orders [1] A note on the security of Higher-Order Threshold Implementations Oscar Reparaz, ePrint Report 2015/001 Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 26

  27. Correct Measurement CS: FPGA First Order No plaintext leakage Second Order No detectable leakage in first two orders (univariate) Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 27

  28. Correct Measurement CS: FPGA Fifth Order Second Order (bivariate) Might be vulnerable to bivariate second order attack Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 28

  29. Correct Measurement Recommendations Fixed vs. random:  DUT with masking countermeasure  With masked communication Semi-fixed vs. random:  DUT with hiding countermeasure  Without masked communication Specific t-test:  DUT with no countermeasures  Failed in former non-specific tests  Identify suitable intermediate values for key recovery Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 29

  30. Efficient Computation • Classical Approach • Incremental • Multivariate • Parallelization Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 30

  31. Efficient Computation Classical Approach Time Measurement Analysis Phase Phase 𝑈 0 𝑈 1 𝑈 t -Test Result 2 … 𝑈 𝑜−1 Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Wednesday, September 16 th , 2015 Motivation Security Evaluation Leakage Assessment Methodology | CHES 2015 | Tobias Schneider 2

1.15k views • 81 slides
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - 29. August 2015

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - 29. August 2015

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - 29. August 2015 Tobias Schneider &amp; Amir Moradi Ruhr-Universitt Bochum Embedded Security Group Outline Motivation Statistical Background Testing

461 views • 43 slides
An assessment of carbon leakage in the light of the COP-15 pledges. L. Paroussos., P.

An assessment of carbon leakage in the light of the COP-15 pledges. L. Paroussos., P.

An assessment of carbon leakage in the light of the COP-15 pledges. L. Paroussos., P. Karkatsoulis, K. Fragiadakis, P. Capros E3MLab/NTUA WIOD FP7 Research Project April 2012 1 Overview Modelling methodology and calibration of a

606 views • 26 slides
NAC Assessment Criteria, Methodology and Covid-19 Compliance 1 ASSESSMENT CRITERIA CHANGE The

NAC Assessment Criteria, Methodology and Covid-19 Compliance 1 ASSESSMENT CRITERIA CHANGE The

NAC Assessment Criteria, Methodology and Covid-19 Compliance 1 ASSESSMENT CRITERIA CHANGE The purpose of this presentation is to outline alterations to the criteria and methodology for application assessment by programme panel members to

626 views • 10 slides
Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional

Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional

Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional Account Director Arcom Digital &lt; HOME Digital Leakage Outline Digital Leakage Traditional Leakage LTE Ingress and Egress issues

877 views • 68 slides
Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

SAC Summer School 2019 Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions allow us to prove that our schemes achieve a certain leakage profile but doesnt tell us if a leakage profile is

477 views • 22 slides
Deliverability Assessment Methodology Straw Proposal Paper Deliverability Assessment Methodology

Deliverability Assessment Methodology Straw Proposal Paper Deliverability Assessment Methodology

Deliverability Assessment Methodology Straw Proposal Paper Deliverability Assessment Methodology Straw Proposal Paper Stakeholder Meeting August 5, 2019 California ISO Public California ISO Public Agenda Time Item 9:00-9:30 Welcome and

545 views • 53 slides
Deliverability Assessment Methodology Draft Final Proposal Paper Deliverability Assessment

Deliverability Assessment Methodology Draft Final Proposal Paper Deliverability Assessment

Deliverability Assessment Methodology Draft Final Proposal Paper Deliverability Assessment Methodology Straw Proposal Paper Stakeholder Meeting October 4, 2019 California ISO Public California ISO Public Introduction Neil Millar Executive

789 views • 54 slides
Experimental Assessment of Experimental Assessment of p Brine and/or CO2 Leakage Brine and/or

Experimental Assessment of Experimental Assessment of p Brine and/or CO2 Leakage Brine and/or

Experimental Assessment of Experimental Assessment of p Brine and/or CO2 Leakage Brine and/or CO2 Leakage Th Through Well Cements at Through Well Cements at Th h W ll C h W ll C t t t t Reservoir Conditions Reservoir Conditions

737 views • 35 slides
Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

SAC Summer School 2019 Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1: ORAM simulation Store and simulate data structure with ORAM General-purpose Zero-leakage (if data is transformed

1.29k views • 60 slides
Fast leakage assessment Oscar Reparaz COSIC / KU Leuven Benedikt Gierlichs CHES 2017 Taipei

Fast leakage assessment Oscar Reparaz COSIC / KU Leuven Benedikt Gierlichs CHES 2017 Taipei

Fast leakage assessment Oscar Reparaz COSIC / KU Leuven Benedikt Gierlichs CHES 2017 Taipei (Taiwan) 2017-09-26 Ingrid Verbauwhede 1 an empirical approach to test device security Enumerate all attacks, check if any is successful

359 views • 31 slides
Pressure Optimisation Introduction Why carry out Pressure Optimisation How and Who

Pressure Optimisation Introduction Why carry out Pressure Optimisation How and Who

Pressure Optimisation Introduction Why carry out Pressure Optimisation How and Who Methodology Modelling input Leakage saving assessment Scope of the project Case Study Sale Manchester Why pressure

540 views • 14 slides
The Water Detective Q-Leak is a sensitive leakage detector which can be placed anywhere water

The Water Detective Q-Leak is a sensitive leakage detector which can be placed anywhere water

The Water Detective Q-Leak is a sensitive leakage detector which can be placed anywhere water leakage can occur . To prevent leakage-related damages it sends an alert whenever water is detected. The device also visualizes its status on the online

234 views • 10 slides
The Price of Free: Privacy Leakage in Personalized Mobile In-App Ads Wei Meng, Ren Ding, Simon P.

The Price of Free: Privacy Leakage in Personalized Mobile In-App Ads Wei Meng, Ren Ding, Simon P.

The Price of Free: Privacy Leakage in Personalized Mobile In-App Ads Wei Meng, Ren Ding, Simon P. Chung, Steven Han, Wenke Lee College of Computing Georgia Institute of Technology Outline Background &amp; Motivation Methodology

576 views • 34 slides
Carbon leakage: theory, evidence and policy PMR Webinar on Carbon Leakage John Ward November 24

Carbon leakage: theory, evidence and policy PMR Webinar on Carbon Leakage John Ward November 24

Carbon leakage: theory, evidence and policy PMR Webinar on Carbon Leakage John Ward November 24 and December 3, 2015 Vivid Economics Overview Definition Theory Evidence Addressing leakage Why? Which sectors? How? 2

408 views • 29 slides
LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov Gordon, Feng-Hao Lui, Adam, ONeill, and Hong-Sheng Zhou O UTLINE OF T ALK Leakage Models for PKE Bounded, Continual, and Continual w/ Leakage on

1.05k views • 102 slides
Few Other Cryptanalytic Techniques Debdeep Mukhopadhyay Assistant Professor Department of

Few Other Cryptanalytic Techniques Debdeep Mukhopadhyay Assistant Professor Department of

Few Other Cryptanalytic Techniques Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Boomerang Attack Square Attack D.

305 views • 16 slides
NETWORKING NETWORKING PART 2: LINUX UX commands PART 2: LINUX commands Agenda Agenda Network

NETWORKING NETWORKING PART 2: LINUX UX commands PART 2: LINUX commands Agenda Agenda Network

Moreno Baricevic CNR-INFM DEMOCRITOS Trieste, ITALY INTRO TO INTRO TO NETWORKING NETWORKING PART 2: LINUX UX commands PART 2: LINUX commands Agenda Agenda Network Interfaces Network Interfaces LINUX command line utilities LINUX

598 views • 38 slides
Cogset vs. Hadoop Measurements and Analysis Steffen Viken Valvg Dag Johansen ge Kvalnes

Cogset vs. Hadoop Measurements and Analysis Steffen Viken Valvg Dag Johansen ge Kvalnes

Cogset vs. Hadoop Measurements and Analysis Steffen Viken Valvg Dag Johansen ge Kvalnes Dec 1, 2010 MAPRED2010 http://www.iad-centre.no 1 Context and Background Part of the international research project iAD , focusing on

341 views • 23 slides
Decoupled site building Drupal's next challenge Preston So 28 Sep 2017 DrupalCon

Decoupled site building Drupal's next challenge Preston So 28 Sep 2017 DrupalCon

Decoupled site building Drupal's next challenge Preston So 28 Sep 2017 DrupalCon Vienna 2017 Herzlich Willkommen! Preston So has been a web developer and designer since 2001, a creative professional since 2004, and a Drupal

1.35k views • 97 slides
OcuLock: Exploring Human Visual System for Authentication in Virtual Reality Head-mounted Display

OcuLock: Exploring Human Visual System for Authentication in Virtual Reality Head-mounted Display

OcuLock: Exploring Human Visual System for Authentication in Virtual Reality Head-mounted Display Shiqing Luo, Anh Nguyen, Chen Song, Feng Lin, Wenyao Zu, and Zhisheng Yan Georgia State University, San Diego State University, Zhejiang

593 views • 25 slides
Minimax Statistical Learning with Wasserstein distances Jaeho Lee &amp; Maxim Raginsky NeurIPS

Minimax Statistical Learning with Wasserstein distances Jaeho Lee &amp; Maxim Raginsky NeurIPS

Minimax Statistical Learning with Wasserstein distances Jaeho Lee &amp; Maxim Raginsky NeurIPS 2018 Poster #86 Minimax learning Goal: find the hypothesis minimizing the worst-case risk is an ambiguity set representing

271 views • 10 slides
Overview Database Security Semantic Integrity Controls Access Control Rules Multilevel

Overview Database Security Semantic Integrity Controls Access Control Rules Multilevel

Overview Database Security Semantic Integrity Controls Access Control Rules Multilevel Secure Databases RBAC in Commercial DBMS Statistical Database Security Simone Fischer-Hbner Applied Security, DAVC17 Relational Database

194 views • 6 slides
Towards Adversarial Phishing Detection T. K. Panum, K. Hageman, R. R. Hansen, J. M. Pedersen 13th

Towards Adversarial Phishing Detection T. K. Panum, K. Hageman, R. R. Hansen, J. M. Pedersen 13th

Towards Adversarial Phishing Detection T. K. Panum, K. Hageman, R. R. Hansen, J. M. Pedersen 13th USENIX Workshop on Cyber Security Experimentation and Test Long Paper (Position) August 10, 2020 Motivation Phishing Attacks Advances in

387 views • 14 slides

More recommend